Machine Learning Techniques for Anomalies Detection and Classification

Malicious users are always trying to intrude the information systems, taking advantage of different system vulnerabilities. As the Internet grows, the security limitations are becoming more crucial, facing such threats. Intrusion Detection Systems (IDS) are a common protecting systems that is used to detect malicious activity from inside and outside users of a system. It is very important to increase detection accuracy rate as possible, and get more information about the detected attacks, as one of the drawbacks of an anomaly IDS is the lack of detected attacks information. In this paper, an IDS is built using Genetic Algorithms (GA) and Principal Component Analysis (PCA) for feature selection, then some classification techniques are applied on the detected anomalies to define their classes. The results show that J48 mostly give better results than other classifiers, but for certain attacks Naive Bayes give the best results.